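How to configure IPv6 on the Ubnt EdgeRouter X

The major home broadband ISPs now all offer IPv4/IPv6 dual-stack access.

I was sold on the Ubnt EdgeRouter X long ago and bought one on 2018-03-22.

Today I tested a configuration shared by another user and finally have native IPv4/IPv6 dual-stack access. Network environment: China Telecom home broadband in Yangzhou, Jiangsu, with PPPoE dial-up.

Open a shell on the router with an SSH client; on Windows I use Xshell.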

ssh ubnt:ubnt@192.168.1.1
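# This is my IPv6 section and the corresponding firewall settings, on an ER-X SFP, which should be much the same as the ER-X. eth0 is the WAN port, eth1-eth4 are the LAN ports (switch0). For reference: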


configure
# Configure the PPPoE for IPv6(eth0):
set interfaces ethernet eth0 pppoe 0 ipv6 enable
set interfaces ethernet eth0 pppoe 0 ipv6 address autoconf
set interfaces ethernet eth0 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 prefix-length /60
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd prefix-only

# Enable IPv6 SLAAC on the LAN(switch0):
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 host-address ::1
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 prefix-id :0
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 service slaac

# Enable IPv6 on switch0:
set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 ipv6 router-advert link-mtu 0
set interfaces switch switch0 ipv6 router-advert managed-flag false
set interfaces switch switch0 ipv6 router-advert max-interval 600
set interfaces switch switch0 ipv6 router-advert other-config-flag false
set interfaces switch switch0 ipv6 router-advert prefix '::/64' autonomous-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' on-link-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' valid-lifetime 2592000
set interfaces switch switch0 ipv6 router-advert reachable-time 0
set interfaces switch switch0 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 ipv6 router-advert send-advert true

# create a policy for WAN->Router:
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol icmpv6
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
# create a policy for WAN->LAN Clients:
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_IN rule 30 protocol icmpv6
set firewall ipv6-name WANv6_IN rule 40 action accept
set firewall ipv6-name WANv6_IN rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_IN rule 40 destination port 546
set firewall ipv6-name WANv6_IN rule 40 protocol udp
set firewall ipv6-name WANv6_IN rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set interfaces ethernet eth0 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 pppoe 0 firewall local ipv6-name WANv6_LOCAL

commit
save
exit
# Reboot the router
reboot

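Wait about 5 minutes for the router to finish rebooting, then restart your network adapter so it obtains a new IP address. You can then see the following information

Open any page of this blog and check the widget on the right to see whether the detected IP address is the one assigned to your network adapter.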
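One way to review the firewall half of this configuration, as an added example that is not part of the original post or the quoted configuration: the script parses `set` commands such as those printed by `show configuration commands` and reports rulesets that are unbound or not default-drop, plus accept rules in the forwarded (`in`) ruleset that carry no state match. It assumes a single WAN interface; `parse`, `audit` and `SAMPLE` are names chosen here.

```python
import shlex

# Constructed input: a subset of this page's commands (WANv6_IN plus both bindings).
SAMPLE = """\
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 protocol icmpv6
set firewall ipv6-name WANv6_IN rule 40 action accept
set firewall ipv6-name WANv6_IN rule 40 protocol udp
set firewall ipv6-name WANv6_IN rule 40 source port 547
set interfaces ethernet eth0 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 pppoe 0 firewall local ipv6-name WANv6_LOCAL
"""

def parse(text):
    """Collect ipv6-name rulesets and the direction -> ruleset bindings."""
    rulesets, bindings = {}, {}
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)  # handles quoted descriptions and '#' lines
        if tok[:3] == ["set", "firewall", "ipv6-name"] and len(tok) > 5:
            rs = rulesets.setdefault(tok[3], {"default": None, "rules": {}})
            if tok[4] == "default-action":
                rs["default"] = tok[5]
            elif tok[4] == "rule" and len(tok) > 6:
                rs["rules"].setdefault(int(tok[5]), {})[tok[6]] = tok[7:]
        elif tok[:2] == ["set", "interfaces"] and "ipv6-name" in tok:
            i = tok.index("ipv6-name")  # "... firewall <direction> ipv6-name <ruleset>"
            bindings[tok[i - 1]] = tok[i + 1]
    return rulesets, bindings

def audit(text):
    """Return (ruleset, rule number or None, finding) tuples for review."""
    rulesets, bindings = parse(text)
    out = [(None, None, f"nothing bound to '{d}'") for d in ("in", "local") if d not in bindings]
    for name in sorted(set(bindings.values())):
        if rulesets.get(name, {}).get("default") != "drop":
            out.append((name, None, "default-action is not drop"))
    fwd = bindings.get("in")  # the ruleset that filters traffic forwarded to LAN hosts
    for num, rule in sorted(rulesets.get(fwd, {"rules": {}})["rules"].items()):
        if rule.get("action") == ["accept"] and "state" not in rule:
            out.append((fwd, num, "accepts new inbound flows to LAN hosts"))
    return out

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On the sample it reports rules 30 and 40 of WANv6_IN. In this setup the DHCPv6 client is the router itself, so the replies matched by rule 40 are already covered by WANv6_LOCAL.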

References: [Network] How do I set up IPv6 internet access on the ER-X?

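How to deploy a native IPv4/IPv6 dual-stack website on Alibaba Cloud ECS

Alibaba Cloud opened native IPv6 deployment for ECS in the Hohhot region a long time ago, and it is currently in public beta. The capability may be opened in other regions as well.

This article walks the reader step by step through deploying an IPv6 website on Alibaba Cloud using CentOS 7; IPv4 is not covered.

Most guides online use he.net's free translation service, which builds an IPv4-based tunnel between the IPv6 address he.net provides and your own server. This does work, but the latency is high and the tunnel is unstable: a domestic IPv6 user reaching a domestic server over IPv6 has to detour through Hong Kong, Singapore or Japan.

Alibaba Cloud and other cloud vendors also offer paid IPv6 translation services: when a user's IPv6 request arrives, the service translates the packets to IPv4 and forwards them to ECS, SLB and other services.

None of these translation services is native IPv6. They depend on the IPv4 stack and make it awkward to obtain the client's IPv6 address, so they are not recommended.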


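How to add IPv6 detection to your website

The Chinese government is now strongly promoting the IPv6 industry, so a small personal site can follow the trend. See the result on the right (at the very bottom on mobile).

Without further ado, here is the code. It depends on jQuery.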

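<!-- Default text, shown in red until a probe succeeds: "your network does not support IPv6 / IPv4" -->
<span id="ipv6-span" style="color:red;">你的网络不支持IPV6</span>
<br>
<span id="ipv4-span" style="color:red;">你的网络不支持IPV4</span>
<script>
    // Probe the IPv4-only host; on success show "your network fully supports IPv4" in green.
    jQuery.ajax({
        url: 'https://v4.yinghualuo.cn/bejson',
        type: 'get',
        dataType: 'json',
        success: function(json) {
            jQuery('#ipv4-span').css('color', 'green');
            // Append the returned address as a text node so the response is never parsed as HTML.
            jQuery('#ipv4-span').html('你的网络完美支持IPV4<br>')
                .append(document.createTextNode(json.ip));
        }
    });
    // Probe the IPv6-only host; on success show "your network fully supports IPv6" in green.
    jQuery.ajax({
        url: 'https://v6.yinghualuo.cn/bejson',
        type: 'get',
        dataType: 'json',
        success: function(json) {
            jQuery('#ipv6-span').css('color', 'green');
            // Same handling as above: the address is inserted as text, not markup.
            jQuery('#ipv6-span').html('你的网络完美支持IPV6<br>')
                .append(document.createTextNode(json.ip));
        }
    });
</script>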

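If you want to call this cross-origin endpoint from your own site, please contact me for approval before putting it into production. I cannot guarantee the stability of the service for unapproved use.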